Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6ab1032c-468b-4033-a194-12329f5ac115.roa
File:                     6ab1032c-468b-4033-a194-12329f5ac115.roa (raw, json)
Hash identifier:          Gloge/aRLoYgAREX2qaIQ/s9Ou7R8th0K87grghszdw=
Subject key identifier:   8C:A8:83:D1:61:56:CD:AB:B3:62:FE:57:3D:B0:C9:E8:B8:21:63:53
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1AE017E0709B62F27CEAF64EEEDE019E389D7406
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6ab1032c-468b-4033-a194-12329f5ac115.roa
Signing time:             Wed 04 Oct 2023 00:00:00 +0000
ROA not before:           Wed 04 Oct 2023 00:00:00 +0000
ROA not after:            Wed 08 Nov 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:e0:17:e0:70:9b:62:f2:7c:ea:f6:4e:ee:de:01:9e:38:9d:74:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  4 00:00:00 2023 GMT
            Not After : Nov  8 23:59:59 2023 GMT
        Subject: serialNumber=c4f155b308dc56ee9f2066dadb96c9f883ac60607242f6189814726c8f4e9dad, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b0:0a:79:b1:78:1b:ef:3c:b5:bc:75:e0:68:
                    07:51:16:aa:d8:7d:79:3b:e2:8f:aa:e9:59:5c:45:
                    3c:30:c3:39:b9:26:5a:5f:1e:b0:e8:08:04:ca:c6:
                    90:5d:15:81:ef:50:97:c5:d9:50:bc:da:b2:3b:2c:
                    2d:d2:84:f1:84:7d:20:e8:a7:f1:c4:69:19:81:f6:
                    13:9c:2b:a7:02:e1:15:b9:1a:53:dd:56:2a:ee:33:
                    cf:cf:89:41:3a:75:dd:40:5e:00:55:4b:da:22:e0:
                    2a:b8:c3:06:8f:73:f7:1c:55:87:b2:93:e3:79:72:
                    d9:25:ac:6d:2c:73:0f:e8:03:25:22:ad:d4:79:d6:
                    5f:68:98:0b:4a:24:99:cc:a6:6a:c5:90:76:52:4e:
                    7b:9a:03:fd:86:eb:4e:6e:70:5b:6f:5e:a0:29:23:
                    be:cc:f2:f2:62:0c:79:ab:ec:96:49:11:8b:11:83:
                    dc:69:93:f1:da:9e:4e:46:a6:ba:35:d9:18:43:fd:
                    8e:f4:f0:b3:ba:7b:03:b3:65:5e:a6:85:63:99:34:
                    42:0a:2b:6f:4d:3c:0d:61:9e:bb:f3:7d:ac:66:58:
                    a4:da:8a:f7:7e:0f:30:0d:c9:55:ba:33:ad:ab:19:
                    17:48:f4:ef:c4:13:5a:8c:42:5b:f9:76:ca:a3:45:
                    1d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A8:83:D1:61:56:CD:AB:B3:62:FE:57:3D:B0:C9:E8:B8:21:63:53
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6ab1032c-468b-4033-a194-12329f5ac115.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:31:d5:ac:6c:6b:57:0c:14:cb:16:31:5d:c4:31:68:40:ca:
         3a:00:f7:e2:fe:3c:99:77:34:46:98:cc:62:64:3a:c8:a6:24:
         08:85:9f:82:73:ff:b7:e8:1d:b9:a8:af:98:13:6c:32:eb:f8:
         6b:56:47:17:4c:82:b6:0a:19:de:2e:44:9c:50:0f:84:8c:ca:
         c5:10:b8:b2:6b:da:88:3a:d7:24:4b:da:74:24:3a:b1:31:47:
         dc:80:37:dd:f5:8c:8f:89:7a:c4:2d:e8:62:8d:8a:9c:9b:bf:
         c6:3d:d6:f0:7a:a1:fc:9a:94:f9:f7:d5:2b:64:bf:55:55:58:
         66:71:16:a9:83:42:41:cf:c6:34:2d:e6:de:48:cd:2f:85:e5:
         fe:00:73:f2:40:da:29:05:0f:0b:fb:d8:c6:a9:b4:5e:bb:c0:
         ae:06:ee:ce:28:b0:6f:15:b7:aa:3d:e9:ef:fe:32:66:4f:41:
         52:d1:ea:d1:a4:00:c9:a8:53:7f:8c:f0:6f:72:6e:16:85:22:
         f1:51:99:b1:84:e8:db:b4:b0:c5:bc:d2:05:d6:f9:68:d2:f5:
         ae:76:39:5e:0a:b0:aa:c1:43:c4:15:60:50:37:88:8b:78:70:
         a7:1b:b0:41:b6:6a:39:57:a0:9d:68:47:85:4a:92:7c:5d:46:
         65:88:52:42
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGuAX4HCbYvJ86vZO7t4BnjiddAYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDA0MDAwMDAwWhcNMjMxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNGYxNTViMzA4ZGM1NmVlOWYyMDY2ZGFkYjk2YzlmODgz
YWM2MDYwNzI0MmY2MTg5ODE0NzI2YzhmNGU5ZGFkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAsAp5sXgb7zy1vHXgaAdRFqrYfXk74o+q6VlcRTwwwzm5
JlpfHrDoCATKxpBdFYHvUJfF2VC82rI7LC3ShPGEfSDop/HEaRmB9hOcK6cC4RW5
GlPdViruM8/PiUE6dd1AXgBVS9oi4Cq4wwaPc/ccVYeyk+N5ctklrG0scw/oAyUi
rdR51l9omAtKJJnMpmrFkHZSTnuaA/2G605ucFtvXqApI77M8vJiDHmr7JZJEYsR
g9xpk/Hank5Gpro12RhD/Y708LO6ewOzZV6mhWOZNEIKK29NPA1hnrvzfaxmWKTa
ivd+DzANyVW6M62rGRdI9O/EE1qMQlv5dsqjRR3BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjKiD0WFWzauzYv5XPbDJ6LghY1MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZhYjEwMzJjLTQ2OGItNDAzMy1hMTk0LTEyMzI5ZjVhYzExNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFMx1axsa1cMFMsWMV3EMWhAyjoA
9+L+PJl3NEaYzGJkOsimJAiFn4Jz/7foHbmor5gTbDLr+GtWRxdMgrYKGd4uRJxQ
D4SMysUQuLJr2og61yRL2nQkOrExR9yAN931jI+JesQt6GKNipybv8Y91vB6ofya
lPn31Stkv1VVWGZxFqmDQkHPxjQt5t5IzS+F5f4Ac/JA2ikFDwv72MaptF67wK4G
7s4osG8Vt6o96e/+MmZPQVLR6tGkAMmoU3+M8G9ybhaFIvFRmbGE6Nu0sMW80gXW
+WjS9a52OV4KsKrBQ8QVYFA3iIt4cKcbsEG2ajlXoJ1oR4VKknxdRmWIUkI=
-----END CERTIFICATE-----